CVE-2014-0494
critical
CVSS v3
—
CVSS v2
10.0
VIR risk
10.0
Description
Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: psirt@adobe.com — http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| adobe | digital_editions | 2.0.1 | |
References
- http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
- http://osvdb.org/102364
- http://secunia.com/advisories/56578
- http://www.securityfocus.com/bid/65091
- http://www.securitytracker.com/id/1029680
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90648
- http://helpx.adobe.com/security/products/Digital-Editions/apsb14-03.html
- http://osvdb.org/102364
- http://secunia.com/advisories/56578
- http://www.securityfocus.com/bid/65091
- http://www.securitytracker.com/id/1029680
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90648
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.